Apple checks every app — but a fake Ledger stole millions in two weeks

# Scammers Posted Fake Ledger Live on Mac App Store, Stole $9.5 Million in Six Days and Moved Funds Through 150 KuCoin Addresses

Fraudsters managed to place a counterfeit Ledger Live application in the Mac App Store, collecting $9.5 million within six days before moving the stolen funds through 150 addresses on the KuCoin exchange. Apple removed the malicious app only after user complaints — and has remained silent about how it passed the company's review process.


A user downloaded an app from the Mac App Store to transfer a cryptocurrency wallet to a new MacBook. Within minutes, he lost 5.9 BTC — savings of ten years. There were more than fifty people like him.

## How the scheme worked

A fake version of Ledger Live appeared on the Mac App Store under the developer account Leva Heal Limited — a company with no connection to the real Ledger. The app looked identical to the original and during "setup" asked users to enter a 24-word seed phrase. The real Ledger Live never does this: the phrase is entered exclusively on the physical device.

To simulate active development, the scammers artificially inflated "versioning": the app went from version 1.0 to 5.0 in just two weeks — one major update every few days. The attack lasted from April 7 to April 13.
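The two listing-level signals described above, a publisher unrelated to the brand and a jump from 1.0 to 5.0 within two weeks, can be checked mechanically by a brand-monitoring job. The Python below is an added example, not code from Ledger, Apple or the article; the `Listing` record, the thresholds, the placeholder publisher name and the release dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Listing:
    app_name: str
    seller: str
    releases: list  # (version string, release date) pairs, oldest first

# Assumption: the defender keeps a map of brand keywords to the publisher
# names it expects. The value is a placeholder, not Ledger's real store identity.
EXPECTED_SELLERS = {"ledger": {"EXPECTED-PUBLISHER-PLACEHOLDER"}}
MAX_MAJOR_BUMPS = 1   # assumed: more than one major bump per window is unusual
WINDOW_DAYS = 30      # assumed sliding-window length

def major(version):
    """Major component of a dotted version string ('4.0' -> 4)."""
    return int(version.split(".")[0])

def major_bumps_within(releases, window_days=WINDOW_DAYS):
    """Largest number of major-version increases inside any sliding window."""
    bumps = [d1 for (v0, _), (v1, d1) in zip(releases, releases[1:])
             if major(v1) > major(v0)]
    best = 0
    for i, start in enumerate(bumps):
        best = max(best, sum(1 for d in bumps[i:] if (d - start).days <= window_days))
    return best

def assess(listing):
    """Return the list of signals a store listing trips."""
    flags = []
    name = listing.app_name.lower()
    for brand, sellers in EXPECTED_SELLERS.items():
        if brand in name and listing.seller not in sellers:
            flags.append("seller-mismatch")
    if major_bumps_within(listing.releases) > MAX_MAJOR_BUMPS:
        flags.append("version-inflation")
    return flags

# Constructed sample data: the dates are arbitrary, not the real release dates.
DAY0 = date(2024, 1, 1)
SUSPECT = Listing("Ledger Live", "Leva Heal Limited",
                  [(f"{n}.0", DAY0 + timedelta(days=3 * (n - 1))) for n in range(1, 6)])
STEADY = Listing("Ledger Live", "EXPECTED-PUBLISHER-PLACEHOLDER",
                 [("2.9", DAY0), ("2.10", DAY0 + timedelta(days=20)),
                  ("3.0", DAY0 + timedelta(days=45))])

if __name__ == "__main__":
    for item in (SUSPECT, STEADY):
        print(item.seller, assess(item))
```

Neither signal is proof of fraud on its own; they are triage inputs for a human review of the listing.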

"The three largest victims lost seven-figure sums: $3.23 million in USDT, $2.08 million in USDC, and $1.95 million in BTC, ETH and stETH"

— according to blockchain investigator ZachXBT

## The money went through an exchange with a criminal history

The stolen funds were routed through more than 150 deposit addresses on KuCoin and were linked to the centralized mixer AudiA6, which profits from obfuscating illegal flows. The choice of platform was no accident: KuCoin paid over $300 million to American regulators in 2025 for violations of anti-money laundering laws, and in February 2026 Austrian authorities banned the exchange from attracting new customers from the EU. After public disclosure, KuCoin froze the related accounts — but only until April 20.

## Apple: "we review every app" — but not this one

Apple's official position is: "Every app and every update is reviewed for compliance with privacy, security, and user protection requirements." The fake Ledger remained on the Mac App Store for approximately two weeks. Apple removed it after user complaints and has not commented since on how the app passed moderation.

This is not the first case. According to analysts, in 2025 crypto investors lost about $17 billion through hacks and fraud — and a significant portion of attacks use legitimate infrastructure for distribution: app stores, realistic interfaces, plausible setup scenarios. ZachXBT publicly suggested that the scale of losses could become the basis for a class action lawsuit against Apple.

  • Losses: $9.5 million, over 50 victims in 6 days
  • Vector: seed phrase via fake UI of official app
  • Money laundering: 150+ KuCoin addresses → AudiA6 mixer
  • Apple's response: app removal, no comments

Ledger consistently warns: no legitimate company app ever asks for a seed phrase on desktop. But if the App Store appears to be a security guarantee — and that's exactly what Apple has promoted as a marketing argument for years — then the question is simple: will anything change in the review process before Apple receives its first lawsuit?
